Restrict SSM access using instance tags

As a SSM user I want to be granted access only to instances having a specific tag.

• create a second linux demo instance
• create a policy that grant access to specific instance tags
• add the developer to this group
• test access